Improper Access Control in Grandstream Networking Devices
CVE-2019-10657

6.5MEDIUM

Key Information:

Vendor

Grandstream

Status
Gwn7610 Firmware
Vendor
CVE Published:
30 March 2019

What is CVE-2019-10657?

Certain Grandstream networking devices, specifically the GWN7000 and GWN7610 models, are susceptible to a vulnerability that enables remote authenticated users to exploit configuration requests and discover sensitive passwords. This security flaw occurs prior to specific firmware updates, exposing devices to unauthorized access by leveraging the /ubus/uci.apply configuration endpoint.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.trustwave.com/en-us/resources/security-resour...
x_refsource_MISC
https://github.com/scarvell/grandstream_exploits
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.